<?php
/*********************************************************************\
* This File is a part of BH-PANEL (Breizh-Heberg Panel v2.1)
* Copyright (C) 2008-2009 the BH Developpers : Vincent Giersch <mail@vincordi.fr>, Cyprien Laleau <fanning.fr@gmail.com> and Edwin Cabiten <marmottes44@hotmail.fr>
* See file AUTHORS to get more informations

* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.

* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.

* You should have received a copy of the GNU General Public License
* along with this program.  If not, see <http://www.gnu.org/licenses/>.
/*********************************************************************/

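// Host contacted over TLS (port 443) for the PayPal verification calls made further down.
$paypalserv = "www.paypal.com";
// Sent as both `at` and `txn_id` in the PayPal `_notify-synch` request below. It is empty
// in this file. NOTE(review): if a real token is configured here, keep it out of version
// control and load it from deployment configuration instead.
$auth_token = "";
// Merchant address handed to the wallet template as `pp_mail`.
$pp_mail = "admin@breizh-heberg.net";

// Echo endpoint for ?allopass_check=OK|ERR. The isset() guards avoid an undefined-index
// notice on every request that does not carry the parameter; results are otherwise
// the same as the bare comparison.
if (isset($_GET['allopass_check']) && $_GET['allopass_check'] == "OK") {
	echo "OK";
	exit;
}
elseif (isset($_GET['allopass_check']) && $_GET['allopass_check'] == "ERR") {
	// NOTE(review): unlike the "OK" case there is no exit here, so "ERR" is written and
	// the rest of the page is still processed — confirm that this is intended.
	echo "ERR";
}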

// Logged-in branch: the session carries u_nic. The micropayment paths credit that
// user's wallet (users.u_portemonnaie); the PayPal path credits the account named in
// PayPal's `custom` field instead.
// NOTE(review): no session_start() is visible in this file — presumably the including
// script starts the session; confirm.
if(isset($_SESSION['u_nic'])) {
	// presumably provides query() and $tpl, which are used below but not defined in this file — confirm
	include('php/lib/panel_inc.php');
			// Rentabiliweb return: forward the visitor's query string to the provider and
			// credit the wallet when the first line of the reply is "OUI".
			if($_GET['micropay'] == 1) {
				// Shim for the legacy long arrays: copies $_SESSION and $_SERVER when they are missing.
				// NOTE(review): $HTTP_GET_VARS is not populated by this shim. Where long arrays are
				// disabled it is undefined, the id comparison below cannot match and this path
				// never credits — confirm the target PHP version.
				if (!isset($HTTP_SESSION_VARS) && isset($_SESSION)) { $HTTP_SESSION_VARS = $_SESSION; $HTTP_SERVER_VARS = $_SERVER; }
				$idprotect = "73983";
				// `id` is a bare word here, not the string 'id'; older PHP falls back to the string with a notice.
				if ($idprotect == $HTTP_GET_VARS[id]) {
					// NOTE(review): the check goes out over plain http:// and relays the caller's whole
					// QUERY_STRING. The "OUI" answer that grants credit is therefore only as trustworthy
					// as that unauthenticated connection; use an https endpoint if the provider has one.
					$requete = "http://secure.rentabiliweb.com/Micropaiement.php?act=ss&";
					$requete.= $HTTP_SERVER_VARS['QUERY_STRING'];
					$requete.= "&REMOTE_ADDR=".$HTTP_SERVER_VARS['REMOTE_ADDR'];
					// @ hides network errors; file() then returns false and $tabrep[0] is null (treated as a refusal).
					$tabrep = @file($requete); 
				}
				else {
					unset($tabrep);
				}
				// file() keeps line terminators, so this matches only a first line that is exactly
				// "OUI" with no trailing newline — assumes the provider replies that way; confirm.
				if($tabrep[0] == "OUI") {
					// NOTE(review): u_nic is concatenated into the SQL unescaped. This is safe only if
					// the login code guarantees a trusted (e.g. numeric) value — verify where it is set.
					// NOTE(review): no payment reference is stored, so protection against a replayed
					// request rests entirely on the provider refusing a reused code — confirm.
					if($_GET['pays'] == 'be') {
						// pays=be credits 0.95, every other value credits 1
						query("UPDATE users SET u_portemonnaie = u_portemonnaie + 0.95 WHERE u_nic = '".$_SESSION['u_nic']."'");
						$tpl->assign(array('code_erreur' => 3));
					}
					else {
						query("UPDATE users SET u_portemonnaie = u_portemonnaie + 1 WHERE u_nic = '".$_SESSION['u_nic']."'");
						$tpl->assign(array('code_erreur' => 2));
					}
					// Re-read the balance so the wallet page shows the new credit.
					$infos_users = mysql_fetch_array(query("SELECT u_portemonnaie FROM users WHERE u_nic = '".$_SESSION['u_nic']."'"));
					$title = "Votre porte monnaie Electronique Breizh Héberg";
					$tplinc = "panel-general-portemonnaie";
					$parse = 1;
					$tpl->assign(array(
						'iconesleft' => 1,
						'u_nic' => $_SESSION['u_nic'],
						'pm_credit' => $infos_users['u_portemonnaie']
					));
					if(isset($_SESSION['commande_dom'])) {
						$tpl->assign(array('commande_dom' => 1));
					}
				}
				else {
					// Refused or unreachable: show the wallet with code_erreur 1, no credit.
					$infos_users = mysql_fetch_array(query("SELECT u_portemonnaie FROM users WHERE u_nic = '".$_SESSION['u_nic']."'"));
					$title = "Votre porte monnaie Electronique Breizh Héberg";
					$tplinc = "panel-general-portemonnaie";
					$parse = 1;
					$tpl->assign(array(
						'code_erreur' => 1,
						'iconesleft' => 1,
						'u_nic' => $_SESSION['u_nic'],
						'pm_credit' => $infos_users['u_portemonnaie']
					));
					if(isset($_SESSION['commande_dom'])) {
						$tpl->assign(array('commande_dom' => 1));
					}
				}
			}
			// NOTE(review): this starts a new `if`, not an `elseif`. After a micropay=1 request the
			// chain below still runs and ends in its final `else`, which sets up the default wallet
			// view a second time — probably harmless, but likely unintended.
			// Allopass return: validate the submitted code with Allopass and credit 1 on "OK".
			if($_GET['micropay'] == 2) {
				$code = urlencode($_POST["CODE0"]);
				if(trim($code) == "") {
					$error = 1;
				}
				// NOTE(review): plain http:// again; the "OK" that grants credit is not authenticated.
				$r = @file("http://www.allopass.com/check/index.php4?CODE=$code&SITE_ID=154911&DOC_ID=424766");
				// This if/else always overwrites $error, so the empty-code flag set above has no
				// effect: the outcome depends only on the remote reply.
				if($r[0] != "OK") {
					$error = 1;
				}
				else {
					$error = 0;
				}


				if($error == 0) {
					// NOTE(review): the code is not recorded locally; reuse must be refused by Allopass — confirm.
					query("UPDATE users SET u_portemonnaie = u_portemonnaie + 1 WHERE u_nic = '".$_SESSION['u_nic']."'");
					$infos_users = mysql_fetch_array(query("SELECT u_portemonnaie FROM users WHERE u_nic = '".$_SESSION['u_nic']."'"));
					$title = "Votre porte monnaie Electronique Breizh Héberg";
					$tplinc = "panel-general-portemonnaie";
					$parse = 1;
					$tpl->assign(array(
						'code_erreur' => 2,
						'iconesleft' => 1,
						'u_nic' => $_SESSION['u_nic'],
						'pm_credit' => $infos_users['u_portemonnaie']
					));
					if(isset($_SESSION['commande_dom'])) {
						$tpl->assign(array('commande_dom' => 1));
					}
				}
				else {
					$infos_users = mysql_fetch_array(query("SELECT u_portemonnaie FROM users WHERE u_nic = '".$_SESSION['u_nic']."'"));
					$title = "Votre porte monnaie Electronique Breizh Héberg";
					$tplinc = "panel-general-portemonnaie";
					$parse = 1;
					$tpl->assign(array(
						'code_erreur' => 1,
						'iconesleft' => 1,
						'u_nic' => $_SESSION['u_nic'],
						'pm_credit' => $infos_users['u_portemonnaie']
					));
					if(isset($_SESSION['commande_dom'])) {
						$tpl->assign(array('commande_dom' => 1));
					}
				}
			}
			
			// PayPal return (cmd=_notify-synch): ask PayPal about the transaction named in ?tx=
			// and credit the wallet when the reply starts with SUCCESS.
			elseif($_GET['paypal'] == "in") {
				$req = 'cmd=_notify-synch';
				$tx_token = $_GET['tx'];
				// NOTE(review): tx goes into the request body without urlencode(), so a value
				// containing `&` or `=` changes the parameters that are sent; encode it first.
				// $auth_token is empty in this file and is sent as both `at` and `txn_id`.
				$req .= "&tx=$tx_token&at=$auth_token&txn_id=$auth_token";

				// NOTE(review): $header is appended to without being initialised in this file. If an
				// included file already defined it, that content is sent first. No Host header is sent.
				$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
				$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
				$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
				// NOTE(review): PHP versions before 5.6 do not verify the peer certificate on ssl://
				// streams by default, so the SUCCESS line trusted below would not be authenticated — confirm.
				$fp = fsockopen ('ssl://'.$paypalserv, 443, $errno, $errstr, 30);

				if (!$fp) {
					// Connection failed: render the PayPal page without an "ok" status.
					$title = "Paiement Paypal";
					$tplinc = "panel-general-portemonnaie-paypal";
					$parse = 1;
				} 
				else {
					fputs ($fp, $header . $req);
					$res = '';
					$headerdone = false;
					
					// Skip the HTTP response headers, then accumulate the body in $res.
					while (!feof($fp)) {
						$line = fgets ($fp, 1024);
						if (strcmp($line, "\r\n") == 0) {
						// blank line: end of the response headers
							$headerdone = true;
						}
						else if ($headerdone) {
							$res .= $line;
						}
					}
					$lines = explode("\n", $res);
					$keyarray = array();
					if (strcmp ($lines[0], "SUCCESS") == 0) {
						// Builds a decoded key => value map of the reply. Nothing below reads $keyarray;
						// the fields are taken from $lines by fixed position instead.
						for ($i=1; $i<count($lines);$i++){
							list($key,$val) = explode("=", $lines[$i]);
							$keyarray[urldecode($key)] = urldecode($val);
						}
						// NOTE(review): the receiver check requires receiver_email to be exactly line 16
						// and equal to a hard-coded address that differs from $pp_mail. Lines 1, 13, 26
						// and 27 are read by position too, so a change in PayPal's field order breaks
						// or misdirects this code. Reading the fields from $keyarray would avoid that.
						if(strcmp ($lines[16], "receiver_email=v_1210309512_biz%40breizh-heberg.net") == 0) {
							// The result of trim() is discarded; $mc_goss stays the raw text after "mc_gross=".
							$mc_goss = explode("mc_gross=", $lines[26]);$mc_goss = $mc_goss[1];trim($mc_goss);
							// Amount minus 0.25 and minus 3.4% of the remainder; used for display only in this branch.
							$somme = $mc_goss-0.25 - round(($mc_goss-0.25)*3.4/100,2);
							// Duplicate check keyed on reply lines 1 and 13.
							$deja = mysql_fetch_array(query("SELECT COUNT(*) AS deja FROM paypaldata WHERE verify = '".mysql_real_escape_string($lines[1])."' AND email = '".mysql_real_escape_string($lines[13])."'"));
							if($deja['deja'] == 0) {
								// NOTE(review): '$mc_gross' is not the variable assigned above ($mc_goss) and is
								// undefined here, so `somme` is stored empty; `status` receives $lines[1], the
								// same value as `verify`.
								query("INSERT INTO paypaldata(verify, email, somme, status) VALUES('".mysql_real_escape_string($lines[1])."', '".mysql_real_escape_string($lines[13])."', '$mc_gross', '".mysql_real_escape_string($lines[1])."')");
								$nic_req = explode("custom=", $lines[27]);$nic_req = $nic_req[1];
								// NOTE(review): $mc_goss is interpolated into the SQL as raw response text, with
								// no numeric cast or escaping. It is also the gross amount, whereas the
								// `_notify-validate` handler in the other branch credits the fee-adjusted
								// $somme — confirm which is intended. Payment status and currency are not
								// checked, and the credited account comes from `custom`, not from the session.
								query("UPDATE users SET u_portemonnaie = u_portemonnaie + $mc_goss WHERE u_nic = '".intval($nic_req)."'");
								
								$title = "Paiement Paypal";
								$tplinc = "panel-general-portemonnaie-paypal";
								$parse = 1;
								$tpl->assign(array(
									"ok" => 1,
									"montant" => $somme,
									'iconesleft' => 1
								));
							}
							else {
								// Already recorded: ok = 3, no credit.
								$title = "Paiement Paypal";
								$tplinc = "panel-general-portemonnaie-paypal";
								$parse = 1;
								$tpl->assign(array(
									"ok" => 3
								));
							}
						}
						else {
							// Receiver line did not match: ok = 4, no credit.
							$title = "Paiement Paypal";
							$tplinc = "panel-general-portemonnaie-paypal";
							$parse = 1;
							$tpl->assign(array(
								"ok" => 4
							));
						}
					}
					else if (strcmp ($lines[0], "FAIL") == 0) {
						
						$title = "Paiement Paypal";
						$tplinc = "panel-general-portemonnaie-paypal";
						$parse = 1;
						// NOTE(review): $_POST is an array, so the concatenation yields the text "Array"
						// followed by the raw reply. Whether `error` is escaped on output depends on the
						// template — confirm.
						$tpl->assign(array(
							"ok" => 2,
							"error" => $_POST.$res
						));
					}

					}
					// NOTE(review): this sits after the if/else above, so it also runs with $fp === false
					// when the connection failed.
					fclose ($fp);
			
			}
			else {
				// No payment callback: choose which top-up form, or the wallet overview, to render.
				if($_GET['form'] == 'micro') {
					$title = "Créditer par micropaiement";
					$tplinc = "panel-general-portemonnaie-micro";
					$parse = 1;
					$tpl->assign(array(
					'iconesleft' => 1,
					));
				}
				elseif($_GET['form'] == 'rentab') {
					// pays / moyen are reduced to ASCII letters before reaching the template.
					if(isset($_GET['pays'])) {
						$tpl->assign(array(
							'pays' => preg_replace('#([^a-z])+#i', '', $_GET['pays'])
						));
					}
					else {
						$tpl->assign(array(
							'pays' => 'fr'
						));
					}
					if(isset($_GET['moyen'])) {
						$tpl->assign(array(
							'moyen' => preg_replace('#([^a-z])+#i', '', $_GET['moyen'])
						));
					}
					else {
						$tpl->assign(array(
							'moyen' => 'audiotel'
						));
					}
					$title = "Créditer par micropaiement par Rentabiliweb";
					$tplinc = "panel-general-portemonnaie-rentab";
					$parse = 1;
					$tpl->assign(array(
						'iconesleft' => 1,
					));
				}
				elseif($_GET['form'] == 'allopass') {
					if(isset($_GET['pays'])) {
						$tpl->assign(array(
							'pays' => preg_replace('#([^a-z])+#i', '', $_GET['pays'])
						));
					}
					else {
						$tpl->assign(array(
							'pays' => 'fr'
						));
					}
					$title = "Créditer par micropaiement par Allopass";
					$tplinc = "panel-general-portemonnaie-allopass";
					$parse = 1;
					$tpl->assign(array(
						'iconesleft' => 1,
					));
				}
				elseif($_GET['form'] == 'starpass') {
					$title = "Créditer par micropaiement par StarPass";
					$tplinc = "panel-general-portemonnaie-starpass";
					$parse = 1;
					$tpl->assign(array(
						'iconesleft' => 1,
					));
				}
				else {
					// Default view: current balance plus the PayPal host and merchant address for the form.
					$infos_users = mysql_fetch_array(query("SELECT u_portemonnaie FROM users WHERE u_nic = '".$_SESSION['u_nic']."'"));
					$title = "Votre porte monnaie Electronique Breizh Héberg";
					$tplinc = "panel-general-portemonnaie";
					$parse = 1;
					if(isset($_SESSION['commande_dom'])) {
						$tpl->assign(array('commande_dom' => 1));
					}
					$tpl->assign(array(
					'iconesleft' => 1,
					'u_nic' => $_SESSION['u_nic'],
					'pm_credit' => $infos_users['u_portemonnaie'],
					'paypal_serv' => $paypalserv,
					'pp_mail' => $pp_mail
					));
				}
			}
}
// Not logged in: a visitor credits another member's wallet. The target account id comes
// from ?membre= (forced to an integer) and is kept in the session as credmembre.
// NOTE(review): php/lib/panel_inc.php is included only in the logged-in branch, so query()
// and $tpl must already exist when this branch runs — confirm.
elseif(isset($_GET['membre']) OR isset($_SESSION['credmembre'])) {
	if(isset($_GET['membre'])) {
		$_SESSION['credmembre'] = intval($_GET['membre']);
		// Same id stored for 30 days in a site-wide cookie; no Secure/HttpOnly flags are passed.
		setcookie("ref_partner", intval($_GET['membre']), time()+3600*24*30, '/');
	}
	
	// Rentabiliweb return, same flow as the logged-in branch, except that it credits
	// credmembre and always adds 1 (no per-country amount).
	if($_GET['micropay'] == 1) {
		// NOTE(review): $HTTP_GET_VARS is not populated by this shim. Where long arrays are
		// disabled the id comparison below cannot match and this path never credits — confirm.
		if (!isset($HTTP_SESSION_VARS) && isset($_SESSION)) { $HTTP_SESSION_VARS = $_SESSION; $HTTP_SERVER_VARS = $_SERVER; }
		$idprotect = "73983";
		if ($idprotect == $HTTP_GET_VARS[id]) {
			// NOTE(review): the verification runs over plain http:// and relays the caller's whole
			// QUERY_STRING; the "OUI" answer that grants credit is not authenticated.
			$requete = "http://secure.rentabiliweb.com/Micropaiement.php?act=ss&";
			$requete.= $HTTP_SERVER_VARS['QUERY_STRING'];
			$requete.= "&REMOTE_ADDR=".$HTTP_SERVER_VARS['REMOTE_ADDR'];
			$tabrep = @file($requete); 
		}
		else {
			unset($tabrep);
		}
		// Matches only a first line that is exactly "OUI" with no line terminator
		// (file() keeps terminators).
		if($tabrep[0] == "OUI") {
			// credmembre is an integer when it is set at the top of this branch; that is the only
			// assignment in this file — confirm that nothing else writes it.
			query("UPDATE users SET u_portemonnaie = u_portemonnaie + 1 WHERE u_nic = '".$_SESSION['credmembre']."'");
			$tplinc = "panel-general-portemonnaie-ext";
			$parse = 1;
			// NOTE(review): u_nom / u_prenom of the target account are shown to an unauthenticated
			// visitor for any id that exists, so member names can be looked up by id. Output
			// escaping of these values depends on the template engine — confirm.
			$about = mysql_fetch_array(query("SELECT * FROM users WHERE u_nic = '".$_SESSION['credmembre']."'"));
			$title = "Créditer le compte de ".$about['u_nom']." ".$about['u_prenom']." sur Breizh Héberg";
			$tpl->assign(array(
				'code_erreur' => 2,
				'u_nom' => $about['u_nom'],
				'u_prenom' => $about['u_prenom'],
				'u_nic' => $_SESSION['credmembre'],
				'paypal_serv' => $paypalserv
				
			));
			if(isset($_SESSION['commande_dom'])) {
				$tpl->assign(array('commande_dom' => 1));
			}
		}
		else {
			// Refused or unreachable: same page with code_erreur 1, no credit.
			$tplinc = "panel-general-portemonnaie-ext";
			$parse = 1;
			$about = mysql_fetch_array(query("SELECT * FROM users WHERE u_nic = '".$_SESSION['credmembre']."'"));
			$title = "Créditer le compte de ".$about['u_nom']." ".$about['u_prenom']." sur Breizh Héberg";
			$tpl->assign(array(
				'code_erreur' => 1,
				'u_nom' => $about['u_nom'],
				'u_prenom' => $about['u_prenom'],
				'u_nic' => $_SESSION['credmembre'],
				'paypal_serv' => $paypalserv
			));
			if(isset($_SESSION['commande_dom'])) {
				$tpl->assign(array('commande_dom' => 1));
			}
		}
	}
	// PayPal notification (cmd=_notify-validate): post the received fields back to PayPal
	// and credit only when PayPal answers VERIFIED.
	// NOTE(review): this branch is reached only when ?membre= or a credmembre session value
	// is present. A server-to-server notification carries no visitor session, so the
	// notify URL presumably includes ?membre= — confirm.
	elseif($_GET['paypal'] == "in") {
		$req = 'cmd=_notify-validate';
		// NOTE(review): keys are not urlencoded, and stripslashes() assumes magic quotes added
		// slashes. Either can make the echoed body differ from what PayPal sent, which yields INVALID.
		foreach ($_POST as $key => $value) {
		$value = urlencode(stripslashes($value));
		$req .= "&$key=$value";
		}
		// NOTE(review): $header is appended to without being initialised in this file, and no Host header is sent.
		$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
		$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
		$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
		// NOTE(review): PHP versions before 5.6 do not verify the peer certificate on ssl://
		// streams by default — confirm the runtime, since VERIFIED is trusted below.
		$fp = fsockopen ('ssl://'.$paypalserv, 443, $errno, $errstr, 30);

		if (!$fp) {
			$title = "Paiement Paypal";
			$tplinc = "panel-general-portemonnaie-paypal";
			$parse = 1;
		} 
		else {
			fputs ($fp, $header . $req);
			// Every response line, headers included, is compared as a whole; only a line that is
			// exactly "VERIFIED" or "INVALID" with no line terminator matches.
			while (!feof($fp)) {
				$res = fgets ($fp, 1024);
				if (strcmp ($res, "VERIFIED") == 0) {
					// Same address as $pp_mail, but hard-coded here.
					if($_POST['receiver_email'] == "admin@breizh-heberg.net") {
						// Credited amount: mc_gross minus 0.25 and minus 3.4% of the remainder.
						$somme = $_POST['mc_gross'] -0.25 - round(($_POST['mc_gross']-0.25)*3.4/100,2);
						// NOTE(review): payment_status and currency are not checked before crediting,
						// so a verified notification that is not a completed payment would still
						// credit. The duplicate check is keyed on verify_sign only — confirm that
						// this identifies a transaction uniquely.
						$deja = mysql_fetch_array(query("SELECT COUNT(*) AS deja FROM paypaldata WHERE verify = '".mysql_real_escape_string($_POST['verify_sign'])."'"));
						if($deja['deja'] == 0) {
							query("INSERT INTO paypaldata(verify, email, somme, status) VALUES('".mysql_real_escape_string($_POST['verify_sign'])."', '".mysql_real_escape_string($_POST['payer_email'])."', '".mysql_real_escape_string($_POST['mc_gross'])."', '".mysql_real_escape_string($_POST['payment_status'])."')");
							// $somme is the result of arithmetic, hence numeric; the account id is forced to an integer.
							query("UPDATE users SET u_portemonnaie = u_portemonnaie + $somme WHERE u_nic = '".intval($_POST['option_selection1'])."'");
							
							$title = "Paiement Paypal";
							$tplinc = "panel-general-portemonnaie-paypal";
							$parse = 1;
							$tpl->assign(array(
								"ok" => 1,
								"montant" => $somme,
								'iconesleft' => 1
							));
						}
						// No else: a duplicate or a receiver mismatch sets no template in this branch.
					}
				}
				else if (strcmp ($res, "INVALID") == 0) {
					$title = "Paiement Paypal";
					$tplinc = "panel-general-portemonnaie-paypal";
					$parse = 1;
				}

			}
			fclose ($fp);
		}
	
	}
	else {
		// No payment callback: show the top-up form for the selected member.
		if($_GET['form'] == 'micro') {
			$title = "Créditer le compte d'un membre de Breizh Héberg";
			$tplinc = "panel-general-portemonnaie-micro-ext";
			$parse = 1;
			$about = mysql_fetch_array(query("SELECT * FROM users WHERE u_nic = '".$_SESSION['credmembre']."'"));
			$tpl->assign(array(
				'u_nom' => $about['u_nom'],
				'u_prenom' => $about['u_prenom'],
				'u_nic' => $_SESSION['credmembre'],
			));
		}
		else {
			$tplinc = "panel-general-portemonnaie-ext";
			$parse = 1;
			$about = mysql_fetch_array(query("SELECT * FROM users WHERE u_nic = '".$_SESSION['credmembre']."'"));
			$tpl->assign(array(
				'u_nom' => $about['u_nom'],
				'u_prenom' => $about['u_prenom'],
				'u_nic' => $_SESSION['credmembre'],
				'paypal_serv' => $paypalserv
			));
			$title = "Créditer le compte de ".$about['u_nom']." ".$about['u_prenom']." sur Breizh Héberg";

		}
	}
}
// Neither logged in nor crediting a member: send the visitor to the login page.
else { header("Location:/site/connexion.html"); }
?>